Tuesday, December 4, 2007

More information on Second Life hack

People outside of Linden Lab are releasing more information on this exploit. Symantec has posted a warning about it on their site.

"The attack begins with the popular IFrame. An IFRAME code that causes the browser to make an additional request to another URL, is embedded in a porn site. Without knowledge, users visiting this site are redirected to the malicious site serving the exploit. Currently, the malware that is downloaded by the exploit is detected by Symantec as Downloader. We are still studying the attack in depth, so look out for more information at a later time.

Since a patch to correct this issue has yet to be released, we advise users to be cautious when browsing the web. For those of you seeking extra protection, we also recommend the following options:

- Run web browsers at the highest security settings possible

- Disable Apple QuickTime as a registered RTSP protocol handler.

- Filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999"
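
One way to check that the outbound filtering recommended above is actually in effect, as an added example (not from the original post or from Symantec): the script scans firewall connection records for outbound traffic on the RTSP ports named in the advisory. The log layout, the sample records and the internal network range are constructed assumptions.

```python
import ipaddress

# Ports from the advisory quoted above: TCP 554 and UDP 6970-6999.
RTSP_PORTS = {"TCP": range(554, 555), "UDP": range(6970, 7000)}

# Assumption: the protected hosts live in this network.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample log. Assumed layout (not a specific product's format):
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2007-12-04 10:01:12 ALLOW TCP 192.168.1.20 203.0.113.7 49152 554
2007-12-04 10:01:13 ALLOW UDP 192.168.1.20 203.0.113.7 49153 6972
2007-12-04 10:02:40 ALLOW TCP 192.168.1.21 198.51.100.9 49200 80
2007-12-04 10:03:05 DROP UDP 192.168.1.22 203.0.113.7 49300 6999
2007-12-04 10:03:30 ALLOW UDP 192.168.1.23 192.168.1.5 49301 6970
2007-12-04 10:04:00 ALLOW UDP 192.168.1.20 198.51.100.9 49302 7000
garbage line
"""

def find_outbound_rtsp(log_text, internal_net=INTERNAL_NET):
    """Split outbound RTSP records into (allowed, blocked) lists."""
    allowed, blocked = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # malformed line
        _, _, action, proto, src, dst, _, dport = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        # Outbound means internal source, external destination.
        if src_ip not in internal_net or dst_ip in internal_net:
            continue
        if port not in RTSP_PORTS.get(proto.upper(), ()):
            continue
        record = (src, proto.upper(), dst, port)
        (allowed if action.upper() == "ALLOW" else blocked).append(record)
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = find_outbound_rtsp(SAMPLE_LOG)
    for rec in allowed:
        print("NOT FILTERED:", rec)
    for rec in blocked:
        print("filtered:", rec)
```

Any record in the first list means a host reached an external address on an RTSP port, so the filter is missing or incomplete for that host.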

This seems to be a weakness in the QuickTime client that is used to redirect a user to a hidden malicious website, which silently installs exploit code. That code is then used to execute the SL exploit of transferring Linden $ and/or objects in world.

It will be interesting to see what Linden will come up with on this issue in the coming weeks.

But taking this into account, I will certainly take the steps that are suggested by Symantec to lessen the vulnerability to this exploit.
